Understanding the need for DevSecOps
Before we dive into the layers of DevSecOps, it’s good to understand why DevSecOps is important in multi-cloud. First, we must understand the layers in securing the cloud. There are four layers to be considered:
- Organizational level or the overarching governance
- Enterprise level, ensuring security across accounts, auditing compliance centrally through monitoring and logging, and promoting automation
- Subscription level, using role-based access control (RBAC), threat detection and defence in depth
- Solution level, using CI/CD with validated templates, blueprints and images
We must define security on all levels. The following diagram shows all levels of defence in the cloud.
The top of the stack is formed by the application payloads. In multi-cloud, enterprises will likely use containers and CI/CD (Continuous Integration/Continuous Deployment) pipelines. With multi...